FTC finally settles with Sony BMG over rootkit

The Federal Trade Commission has announced a settlement with Sony BMG over the …

The Sony BMG rootkit scandal is finally winding down. Seriously. We promise. The Federal Trade Commission (FTC) today announced a settlement with Sony, though it doesn't come with a direct financial penalty. It does include a set of conditions that will change the way Sony BMG markets CDs in the future, conditions that will hopefully set a precedent for other companies to follow when they add DRM software to audio CDs.

The settlement comes after Sony BMG has worked its way up the legal food chain, progressing from a class-action lawsuit to a settlement with state attorneys general to dealing with the federal government. The Feds allege that the software included on the CDs violated federal law and constituted a deceptive trade practice. In the future, Sony BMG is required to clearly label DRM-protected discs and is prohibited from installing any software without notifying and gaining consent from the user.

The deal will have some financial impact on the company, though probably not a large one. Sony BMG does not need to pay a fine, but they are required to provide exchanges for existing DRM-enabled CDs until June 31, 2007, and pay up to $150 to anyone who spent money trying to remove the rootkit or repair any damage from it.

"Consumers' computers belong to them," said FTC Chairman Deborah Platt Majoras, "and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."

FTC v. porn spammer: fight!

The Commission also announced today another settlement, this one for a hefty $465,000. The target is TJ Web Productions, which is accused of sending pornographic spam e-mails without following the rules of the CAN-SPAM Act.

Those rules require that unsolicited sex e-mails include a warning "SEXUALLY EXPLICIT:" in the subject line and that they not display pornographic images in the "initially viewable area of the message." Companies also need to provide a legitimate mailing address and an opt-out e-mail address.

The settlement was reached even though TJ Web did not send the e-mails in question directly. Instead, the company sent the messages through a web of affiliates who were paid for their services, but this was not enough to protect them from the wrath of the FTC. In addition to paying the fine, the company has also agreed to abide by the CAN-SPAM Act and the FTC's Adult Labeling Rule, and it must get agreements that its affiliates will do the same before allowing them to send e-mail on behalf of TJ Web.

The government has grown more serious about cracking down on such spam. In the last year and a half, the FTC has settled with five spammers and brought in more than $1.6 million in settlement penalties. While the agency certainly won't stomp out spam at this rate, the combined force of the cases will hopefully cause US-based businesses to think twice before ignoring CAN-SPAM's provisions.

Of course, the basic problem with CAN-SPAM is that, so long as they comply with the terms of the law, companies are free to spam you with not-quite pornographic messages.